Lawrence Damilola
Decentralized finance (DeFi) protocol Shezmu has recovered almost $5 million in stolen cryptocurrency after negotiating with a hacker.
Last Thursday, Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, alerted the crypto community to a security breach in one of Shezmu’s storage vaults. Shou confirmed that around $4.9 million in ShezmuUSD (ShezUSD) stablecoin had been stolen. It was initially unclear if the incident was a hack or a rug pull.
.@ShezmuTech has been hacked / rugged. ~$4.9M worth of $ShezUSD stolen.
— Chaofan Shou (@shoucccc) September 20, 2024
One of their vaults used collateral that can be minted by anyone. With the free collateral, the attacker can borrow an arbitrary amount of $ShezUSD. pic.twitter.com/eR0bH5rTV2
Shezmu acted quickly and reached out to the hacker via an on-chain message, offering a 10% bounty in exchange for the return of the funds. “We are requesting the return of 90% of the stolen funds within the next 24 hours,” Shezmu stated, warning that law enforcement would be involved if the hacker did not comply. The hacker responded by asking for a 20% bounty instead, stating, “Sure we can talk about the refund, but only considering 20% as bounty.”
Dear White Hat,
— Shezmu (@ShezmuTech) September 20, 2024
The Shezmu team is offering a 10% bounty of the exploited funds, provided that the remaining funds are returned within the next 24 hours. If the funds are not refunded within this time frame, we will escalate the matter through legal channels.…
Shezmu Agrees to Hacker’s Demands
After receiving the hacker’s response, Shezmu agreed to the 20% bounty, ensuring that no legal action would be taken if the funds were returned. Within hours, the hacker started to return the stolen assets, including 282.18 Ether (ETH) and 137 Wrapped Ether (WETH). The Shezmu team confirmed that the funds were being refunded and continued working on recovering the remaining assets.
Update: An additional 137 WETH was recovered from the shezUSD white hat and returned to the Shezmu Treasury!https://t.co/K2AnPkme9F
— Shezmu (@ShezmuTech) September 21, 2024
As we continue to recover the remaining funds, please do not interact with Oasis until further updates. Thank you for your continued support
“We have already received a substantial amount of the stolen funds,” Shezmu stated, confirming the ongoing recovery process. At the time of writing, some funds were still outstanding, and Shezmu urged investors to limit interactions with its Oasis vault until the situation was fully resolved.
Shezmu also revealed its full reimbursement plan for its users, including allocating airdrops to affected users.
Over the coming days, here’s what you can expect as part of our comprehensive recovery and reimbursement plan:
— Shezmu (@ShezmuTech) September 22, 2024
1. Snapshot of Impacted LPs:
A snapshot of all Beefy, Curve, Balancer, and Aura LPs holding ShezUSD and ShezETH paired assets will be taken to assess the impact and…
In comparison, Indian crypto exchange WazirX has made little progress in recovering $230 million in stolen funds 60 days after being hacked. WazirX has not officially admitted to the breach; instead, it blames its custodian, Liminal, for the loss. However, Liminal has refuted the claims, stating in a report, “An independent audit found no evidence that the cyberattack originated from Liminal’s systems.”
Shezmu’s quick negotiation led to a partial recovery, while WazirX continues to face challenges in tracking down its missing assets.
Read More
- BingX Exchange Suffers $26 Million Hack, Suspends Withdrawals
- Another Security Breach: Decentraland X Account Compromised
- India’s WazirX Exchange Breached, Hacker Siphons Off $230M in Crypto
Lawrence does not hold any crypto asset. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
